CVE-2018-7117

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

1.2%

top 21.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HP Integrated Lights-out 5 Firmware

Timeline

PublishedApr 9

Latest updateMay 14

Description

A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5hpe_integrated_lights-out_5_(ilo_5)_for_hpe_gen10_serversiLO5 prior to v1.40

▶NVDhp/integrated_lights-out_5_firmware< 1.40

🔴Vulnerability Details

GHSA

GHSA-fwp6-mh53-2pxx: A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant S↗2022-05-14

▶

CVEList

CVE-2018-7117: A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant S↗2019-04-09

▶